(54) Title: PREBOOT PROTECTION FOR A DATA SECURITY SYSTEM



(57) Abstract

A secure computer controlling access to data storage devices via a card
reader. A microprocessor-controlled card reader interface logically
connected to the card reader and the central processing unit (CPU) of the
computer reads and writes information from and to a card placed in the
card reader and performs additional functions in response to commands
received from the CPU. The card reader interface includes an encryption
engine for encrypting data in a data storage device and a boot ROM
containing verification program code executed during an initialization
procedure. The verification program verifies that a valid user card has
been placed in the card reader, reads one or more questions from the user
card, asks the questions of the user and verifies the answers against the
contents of the card. If authorization is verified, the card reader
interface permits the user to access the encrypted data. Otherwise, the
user is denied access to the data by one or more of the following methods:
freezing the system bus, and requiring the user to reset the computer and
re-enter the verification program; logically destroying the data in the
data storage devices; and physically destroying the data storage devices.
PREBOOT PROTECTION FOR A DATA SECURITY SYSTEM

Technical Field of the Invention

The present invention pertains generally to computer security systems,
and more particularly to a microprocessor-controlled system for
controlling user access to and dissemination of secure data stored in a
secure computer.

Background of the Invention

There has been an enormous increase in the use of computers for
processing and storing sensitive information in a wide variety of
commercial and government applications. Computer systems have evolved
from large systems with restricted access to small systems which may be
portable and easily accessed by several users. As components have become
more easily accessible and as demand for easy computer access has spread,
there has arisen a greater need for the protection of sensitive data.

One method for securing access to computer systems is to restrict the
physical access to the computer system; however, such restriction is
inefficient for typical computer system installations which favor shared
access and increased portability. The cost of securing computer systems
by restricting physical access is also prohibitive.

Another method for providing security of sensitive data is to use a
program to restrict access to the computer system. However, this method
has drawbacks. For instance, an unauthorized user can often bypass the
security program or routines which invoke the security program to gain
access to the computer system. Even if the security program proves to be
difficult to bypass, the unauthorized user can simply remove the
information stored in the computer by removing the memory or monitoring
the data bus. For example, a hard drive could be removed from the
computer and installed in another computer to read the contents of the
hard drive.

To prevent such unauthorized access and retrieval of sensitive
information, sensitive data may be destroyed either logically or
physically. Logical destruction requires that any data destroyed be
unintelligible to another user after the destruction process has taken
place. The storage media will typically still be reusable. An example of
a logical destruction program is a program which erases the sensitive
files on a hard drive when an unauthorized access is detected. Physical
data destruction, on the other hand, requires catastrophic destruction of
the storage media to insure that the contents in the storage media are
irretrievably lost.

In some applications the program destroying the logical data fails to
completely destroy the data and advanced data retrieval techniques may be
employed to recover traces of logically destroyed information. For
example, information on a hard drive of a computer may be recovered by
methods which detect previously written and erased binary words from
trace magnetic remnants of the words. If the logical destruction methods
are only partially effective, physical destruction techniques may also be
required to ensure that the data is destroyed and cannot be recovered.

It may be desirable to restrict access to particular peripheral devices
on a computer or workstation, rather than restricting access to the
entire computer system. Modern computer security systems fail to provide
such restricted access.

Therefore, there is a need in the art for a computer security system
which prohibits unauthorized access and which is not vulnerable to bypass
yet maintains the portability and flexibility inherent in a modern
computer system. There is a further need to provide complete protection
of sensitive data such that the data may not be recovered by bypassing
the data protection system or by physical removal of data storage
devices. Finally, the system must also provide complete destruction of
sensitive data to prevent retrieval of data traces.

Summary of the Invention

To overcome these and other shortcomings and limitations in the art which
will become apparent to those skilled in the art upon reading and
understanding the following detailed description, the present invention
provides a system for controlling access to sensitive information on a
computer without compromising the security of sensitive data. The present
invention restricts computer access to authorized users. In addition, it
detects attempts to imitate an authorized user to gain access. Further,
the present invention provides for configurable logical and physical
destruction of sensitive data, and provides means for adjusting the
threshold requirement for destruction and the level of destruction to
suit the degree of security required for the information stored on the
computer. Finally, the present invention provides a means, under the
control of a centralized authorization security administrator, for
limiting access to portions of the overall computer system depending on
the access privileges configured for each individual user.

In one embodiment of the present invention, a microprocessor-controlled
card reader interface logically connected to the CPU of the computer
reads and writes information from and to an integrated circuit card
("card" or "smart card") placed in the card reader. The information read
is presented to the CPU to determine whether the user is authorized to
use the computer; the CPU then specifies which peripherals the user is
authorized to access. A card reader interface board logically connected
to the data and address buses of a computer monitors the address bus of
the computer and restricts access to the data storage devices and
configurable ports in the system and executes a special verification
program to verify authorization of the user.

According to one embodiment of the present invention, when a valid user
card is placed in the card reader one or more questions are read from the
card and displayed to the user. The user's responses are compared to the
correct answers stored on the card and, if the responses match the
correct answers, the CPU is allowed to access all peripherals the user
has been authorized to use. Computer security is improved by coordinating
identification information received from the card, user, and computer RAM
to ensure proper verification. The system requires that the same card,
user, and computer be used to control access.

In one embodiment of this invention, the system provides for a method of
initializing and authorizing a user card with a security administrator
card. Upon a valid security administrator card being placed in the card
reader, a security administrator initializes and authorizes one or more
individual user cards by selecting from a list of menu options displayed
to the security administrator. The security administrator inputs a list
of questions and answers which are then stored on the user card for use
during the verification procedure.

WO 95/24696    PCT/US95/02579
In one embodiment of the present invention, the system provides for a
hierarchy of access privileges by encoding access codes directly on the
card which allow users with superior access privileges to access data on
computers of users with inferior access privileges. The same coding
system prevents the users with inferior access privileges from accessing
the computers of those with superior access privileges.

In one embodiment of the present invention, the system provides for the
physical or logical destruction of data in response to unauthorized
attempts by a user to violate the physical or logical integrity of the
computer system. The physical and logical destruction of data may be
disabled for maintenance or configuration purposes by use of a
maintenance card.

The preceding and other features and advantages of the invention will
become further apparent from the detailed description that follows. This
description is accompanied by a set of drawing figures. Numerals are
employed throughout the written description and the drawings to point out
the various features of this invention, like numerals referring to like
features throughout.

Brief Description of the Drawings

In the drawings, where like numerals describe like components throughout
the several views:

FIGURE 1A is a perspective view of a first embodiment of a secure
computer system implemented according to the present invention;

FIGURE 1B is a block diagram showing the high-level architecture of a
first embodiment of a secure computer system implemented according to the
present invention;

FIGURE 1C is an electrical block diagram showing the
microprocessor-controlled card reader interface for a first embodiment of
a secure computer system according to the present invention;

FIGURE 1D is a perspective view of a second embodiment of a secure
computer system implemented according to the present invention;

FIGURE 1E is a perspective view of a third embodiment of a secure
computer system implemented according to the present invention;

FIGURE 2A is a block diagram of a computer system with a hard drive and
interface board;

FIGURE 2B is a block diagram showing how a computer system with hard
drive is modified to create a secure computer system according to a
second embodiment of the present invention;

FIGURE 3 is a block diagram showing the high level architecture of a
secure computer system according to a second embodiment of the present
invention;

FIGURE 4 is a block diagram showing the high level architecture of one
embodiment of the control ASIC shown in FIGURE 3;

FIGURE 5 shows a block diagram illustrating the operation of one
embodiment of the data steering network shown in FIGURE 3;

FIGURE 6 is a block diagram showing the loader program and verification
program resident in the read only memory (ROM) of one embodiment of the
card reader interface board of FIGURE 3;

FIGURES 7A, 7B, 7C, and 7D are a flow diagram showing program steps taken
to initialize and execute the security portion of a secure computer
system program according to the present invention;

FIGURE 8 is a block diagram showing a hierarchy of access for users of a
secure computer system; and

FIGURE 9A and FIGURE 9B illustrate a pictorial display of one embodiment
of a mounting scheme used to co-locate a card reader and hard drive.
Detailed Specification of the Preferred Embodiments

In the following detailed description of the preferred embodiments,
reference is made to the accompanying drawings which form a part hereof,
and in which is shown by way of illustration specific embodiments in
which the invention may be practiced. It is to be understood that other
embodiments may be utilized and structural changes may be made without
departing from the scope of the present invention.

FIGURE 1A shows the components of a computer system to be secured with a
card reader interface according to a first embodiment of the present
invention. This embodiment was shown in U.S. Patent No. 5,327,497, issued
July 5, 1994, by Mooney, et al. The computer system includes a keyboard
101 by which a user may input data into the system, a computer chassis
103 which holds electrical components and peripherals, a screen display
105 by which information is displayed to the user, and a pointing device
107, the system components logically connected to each other via the
internal system bus of the computer. A card reader 111 is connected to
the secure computer system via card reader interface board 109. The
preferred card reader 111 is an Amphenol® "Chipcard" acceptor device,
part number 702-10M008 5392 4794, which is compatible with International
Standards Organization (ISO) specification 7816, although one skilled in
the art would readily recognize that other card reader devices which
conform to ISO 7816 may be substituted.

In order for the computer system to be secured, a card reader interface
is integrated into the computer system in a manner similar to that as
revealed in FIGURE 1B. A card reader interface board 109 contains a
microprocessor 116 connected to the CPU of the computer via a second data
bus 117, connected to RAM 127 via a third data bus 131, and connected to
the card reader 111 via a fourth data bus 133. The interface board 109 is
typically implemented with printed circuit board technology, although
other equivalent technologies may be substituted without loss of
generality. Peripherals 121 within computer 103 are controlled by the CPU
123 and PLD 129 with a power control circuit 119, which turns power off
and on to peripherals 121. A system boot ROM 126 is logically connected
to the CPU 123 to start executing a non-volatile program contained in PLD
129 upon initialization of the computer during power-up, clear, or
warm-boot reset.
An IC card 115 is used in conjunction with card reader 111. The preferred
card 115 is a MICRO CARD® or GEMPLUS® card (for example, Scot 100, TB100,
or COS IC cards), which is compatible with ISO 7816. By conforming to
this standard, the card 115 enables the support of Data Encryption
Standard (DES) data encryption and decryption functions. One skilled in
the art would readily recognize that other cards which conform to this
standard and provide data encryption and decryption functions may be
substituted. The ability to encrypt and decrypt data is important, since
the present invention is designed to ensure that unencrypted sensitive
data does not reside in the CPU where it could be read by an unauthorized
user.

The schematic for card reader interface 109 is described in greater
detail in FIGURE 1C. Microprocessor 116 is powered by circuit 135, and
controls system functions via connections to the system data bus 125.
System resets are initiated by clear line 137. Validation and
authorization information is transferred between the microprocessor 116
and RAM 127 via the third data bus 131 in conjunction with address or
data select line 141, strobe line 143, and chip select line 145. Backup
power is provided for RAM 127 by a +5 volt lithium battery 139.

The microprocessor 116 communicates with system data bus 125 as a serial
communications device using CTS line 147, DTR line 149, 10 MHz clock line
151, serial data out line 153, and serial data in line 155. A separate
3.5 MHz clock line 157 is used to provide a clock signal to PLD 129,
which is used by the microprocessor 116 for card reset control via line
159, card serial data control via line 161, and card interrupt control
via line 163. The PLD 129 in turn connects to the card via card serial
data contact 177, card clock contact 179, and card reset contact 181.

Microprocessor 116 also has the ability to control the physical
destruction of data within the computer system via line 165. A physical
destruction device may be triggered using line 165 as a destruct signal.
For example, line 165 may be connected to a mechanism containing a
chemical solution which is sprayed onto a hard disk contained in the
secure computer system when an unauthorized user attempts to violate the
physical or logical integrity of the computer system. Several destruct
mechanisms are taught in the prior art, and one of ordinary skill in the
art would recognize that other equivalent destruction chemicals and
mechanisms may be substituted without loss of generality.

The microprocessor 116 uses power control line 173 with switch 171 and +5
volt relay 175 to provide power to the card via card logic voltage supply
contact 183 and card programming contact 187. The card is grounded via
card ground contact 185, and detected by applying power through card
detect power contact 191 to microprocessor 116 by card detect contact
189. Card contacts 193 and 195 and line 197 are reserved for future use.

FIGURE 1D shows the components of a second embodiment of a secure
computer system according to the present invention. Secure computer
system 100 includes a keyboard 101 by which a user may input data into
the system, a computer chassis 103 which holds electrical components and
peripherals, a screen display 105 by which information is displayed to
the user, a secure hard drive 113, and a pointing device 107, the system
components logically connected to each other via the internal system bus
of the computer. A card reader 111 is connected to the secure computer
system via card reader interface board 109. As in the first embodiment,
the preferred card reader 111 is an Amphenol® "Chipcard" acceptor device,
part number 702-10M008 5392 4794, which is compatible with International
Standards Organization (ISO) 7816 specifications. One skilled in the art
would readily recognize, however, that other card reader devices which
conform to ISO 7816 may be substituted. FIGURE 1D shows card reader 111
and secure hard drive 113 co-located in a single peripheral bay. Other
mounting techniques are available, however, which would not modify the
scope of the present invention, for example, positioning card reader 111
externally as shown in FIGURE 1E.

FIGURES 2A and 2B illustrate the modifications required of a standard
personal computer system 705 in order to create a secure computer system
100 according to the present invention. FIGURE 2A is a simplified block
diagram of a computer system 705 commonly found in the prior art. Central
processing unit (CPU) 290 is connected to dedicated hard drive controller
logic 710 which serves as an interface for the computer system to hard
drive 113. Typically, hard drive controller logic 710 is a printed
circuit board which is installed in the backplane or integrated into the
motherboard of computer 100, and hard drive controller logic 710 is
connected to hard drive 113 using a multiconductor cable 720. Hard drive
113 may be mounted externally to computer 705, or internally.

FIGURE 2B shows how the standard personal computer 705 is converted to a
secure computer system according to one embodiment of the present
invention. In FIGURE 2B, secure computer system 100 is formed by adding
integrated circuit (IC) card 115 and attaching card reader 111, cable
730, and card reader interface board 109 to system 705. Card reader 111
may be added to the system by removing cable 720 from hard drive 113 and
connecting it to card reader interface board 109, then connecting card
reader 111 to card reader interface board 109 via cable 731. Hard drive
113 is connected to card reader interface board 109 using cable 730.

Card reader 111 acts in concert with card reader interface board 109 to
limit access to sensitive data stored both on hard drive 113 and card
reader interface board 109. Integrated circuit card 115 is preprogrammed
with information used to verify that the user is authorized to access the
sensitive data stored on hard drive 113. Security for sensitive data
stored on hard drive 113 is provided by requiring a minimum of three
distinct sources of authorization verification information in order to
access the sensitive data. In order to gain access to the sensitive
information stored on hard drive 113, both card 115 and card reader
interface board 109 must present proper identification information and
the user must enter a series of predetermined answers to a series of
predetermined questions. If any of the sources of identification
information is incorrect, board 109 may prevent access to the secure
computer system 100 by freezing the system bus 292 (requiring cycling of
the system power to reset secure computer system 100), logically
destroying any sensitive data on the system, or physically destroying the
storage devices containing sensitive information.

The details of one embodiment of the present invention will be specified
in greater detail using the following figures. FIGURE 3 is a detailed
electrical block diagram of the secure computer system 100 of FIGURE 2B,
showing connections between card reader interface board 109, card reader
111, secure hard drive 113, and central processing unit (CPU) 290. In the
present invention, independent, dedicated data buses are employed such
that card reader interface board 109 communicates with card reader 111
via card reader bus 225, hard drive 113 via hard drive bus 272, and CPU
290 via hard drive controller logic 710 and system bus 292. (Hard drive
bus 272 is analogous to cable 730 of FIGURE 2B and system bus 292 is
analogous to cable 731 of FIGURE 2B.) The utilization of independent
dedicated data buses for communications with card reader 111, hard drive
113, and CPU 290 decreases the chances for retrieval of sensitive data
and encryption information, since system bus 292 transfers only
unencrypted data to the computer system from card reader interface board
109. An unauthorized intruder would have to monitor all three buses to
attempt to decipher the encryption codes used and the method by which the
security system interacts with the computer system.

FIGURE 3 also shows the interconnections of the components on card reader
interface board 109. In one embodiment, the card reader interface board
109 contains a Zilog Z86C6116 processor 220 for controlling data transfer
between card reader 111, hard drive 113, and CPU 290. The Z86C6116 is an
8-bit data bus, 16-bit time-multiplexed address bus microprocessor
specified in the Zilog Z8 Microcontrollers Book, DC8305-01 (1993), which
is incorporated herein by reference. Other microprocessors may be readily
substituted without materially affecting the scope of the present
invention.

Processor 220 controls the transfer of data on card reader interface
board 109 by issuing commands to control ASIC 230. Control ASIC 230 acts
as "glue logic," under control of processor 220, coordinating the
operation of data steering network 240, cipher engine 270, and processor
220 to control information transfer between CPU 290, RAM 260, and hard
drive 113.

Data steering network 240 is an 8-bit controllable input and output port
circuit designed to allow processor 220 to communicate with RAM 260 and
cipher engine (CE) 270, but to prevent unauthorized access by a user
controlling system bus 292 to retrieve data from RAM 260. FIGURE 5 is a
block diagram showing the operation of the data steering network 240.
Data steering network 240 essentially operates as an eight bit wide
bidirectional parallel multiplexer which limits data transfer from
processor 220 to RAM 260, or alternatively to CE 270 (and, therefore,
potentially to system bus 292 if port A 274 and port C 278 of CE 270 is
connected). Attempts to read information from the address space assigned
to RAM 260 which originate from the system bus 292 are impossible, since
RAM 260 is logically isolated such that no address space exists from
system bus 292 to access RAM 260.

Returning to FIGURE 3, in one embodiment cipher engine (CE) 270 is an
8-bit NSA certified DES encryption engine meeting specification DES 3.
Such a device is manufactured by Computer Elektronik as part number
CE99C003. Further information detailing the operation of that embodiment
of CE 270 may be found in CE Infosys 99C003 Data Sheet Version 1.01.

CE 270 is controlled by processor 220 via data steering network 240 by
commands received at port C 278. CE 270 may be instructed by processor
220 to provide a data path between port C 278 and port A 274 (no
encryption) or between port A 274 and port B 276 (DES encrypted data
output from port B 276, and nonencrypted data from port A 274). During
system initialization a data path between data steering network 240 and
system bus 292 is created using port C 278 and port A 274 whereby
nonencrypted data can be transferred under control of processor 220 to
system bus 292 via hard drive controller logic 710. Once user
authorization is verified and there are no pending security violations
detected, CE 270 uses a key to DES encrypt data transmitted by port B 276
to hard drive 113. Similarly, CE 270 deciphers encrypted data from hard
drive 113 and presents it to system bus 292 via hard drive controller
logic 710 when port A 274 to port B 276 channel is allowed. One skilled
in the art would readily recognize that other cipher engines which
conform to the above-mentioned standards and support data encryption may
be substituted without materially modifying the spirit and scope of the
present invention.

RAM 260 is subdivided into secure and open segments by memory mapping the
secure segments such that they are accessible only to processor 220. This
prevents both accidental and intentional loss of secure information from
the RAM 260 to the system bus 292. RAM 260 is addressable only by
processor 220 and contains DES base kernel key encryption information and
answers to verification questions retrieved from card 115 by processor
220. The open portion of RAM 260 contains the verification questions
retrieved from card 115 and other nonsensitive data.

As can be seen in FIGURE 6, ROM 280 contains loader program code 610 and
verification program code 620 used by the CPU 290 upon initialization to
load and execute the verification program. Since standard BIOS routines
attempt to boot from the C: drive the use of ROM 280 in concert with
processor 220 and control ASIC 230 to simulate a C: drive allows the
present invention to be used in the standard IBM compatible personal
computer without having to modify the system BIOS (basic input/output
system).

Card 115 is used with card reader 111 under control of processor 220 to
provide the computer system 100 with information concerning DES key
encryption, verification questions and answers, user access privilege
level, expiration date, origin of card issuance, and card usage history.
As in the first embodiment, the preferred card 115 is a MICRO CARD® or
GEMPLUS® card (for example, Scot 100, TB100, or COS IC cards), which is
compatible with ISO 7816. One skilled in the art would readily recognize
that other IC cards which conform to this standard and provide data
encryption and decryption functions may be substituted without materially
modifying the spirit and scope of the present invention.

LOGICAL & PHYSICAL DESTRUCT HARDWARE

Control ASIC 230 also monitors attempted unauthorized retrieval of data
from the protected storage devices and presents information to processor
220 if control ASIC 230 detects an attempted unauthorized access.
Processor 220 monitors signals from the control ASIC 230 and commands
control ASIC 230 to issue a command to either logically or physically
destroy protected information in RAM 260 or secure hard drive 113.
Logical destruction of data on the RAM 260 is accomplished by asserting
trigger signal 211 emanating from processor 220, clearing the contents of
RAM 260. Logical destruction of the sensitive data on hard drive 113
follows naturally, since the DES encryption key synthesis information is
destroyed when the RAM 260 data is destroyed, and, without the DES key,
the information on hard drive 113 is logically irretrievable. Physical
destruction of data can also be accomplished by asserting physical
destruct signal 212 emanating from processor 220, as a means of
triggering a physical destruct package 213. As in the first embodiment,
several physical destruct packages are disclosed in the prior art, such
as a ferric chloride spray or plastic explosive package.

Card reader interface board 109 also contains an extra defense against
physical tampering. In one embodiment, a transistor circuit 210 is used
to rapidly erase the contents of dynamic RAM 260. In such an embodiment,
circuit 210 grounds the power pin of RAM 260 to erase the contents of RAM
260. In normal operation, trigger signal 211 is not asserted, thereby
allowing the collector of transistor circuit 210 to remain at a voltage
of approximately Vcc. In this mode of operation RAM 260 is powered by the
supply voltage Vcc whereby current travels through diode 261 and fuse 263
to RAM 260. If power is interrupted the battery 200 provides current to
RAM 260 through diode 262 and fuse 263.

When the trigger signal 211 is asserted (by processor 220) the collector
of npn transistor 210 is forced to a low voltage and current flowing
through diode 261 is sufficient to burn the fuse 263, thereby allowing
the Vcc terminal of RAM 260 to drop to zero volts and erasing the logical
contents of RAM 260. Alternatively, if the battery 200 is supplying RAM
260 with current, the trigger signal 211 will cause sufficient current to
flow through fuse 263 to burn fuse 263, and again, the voltage at the Vcc
terminal of RAM 260 will drop to zero volts and erase the logical
contents of RAM 260. Processor 220 can initiate the logical destruct
feature if control ASIC 230 alerts processor 220 that an unauthorized
access is being attempted.

The logical and physical destruct mechanisms described provide several
different levels of data security. In one embodiment of the present
invention there are five selectable security levels:

1) Freeze the computer system bus, requiring a "cold boot," (power off
and then on or "reset");

2) Alter the contents of the integrated circuit card so that the card
must be updated to be authorized for another session;

3) Clear RAM 260 of the stored kernel for the encryption key;

4) Logical destruction of RAM 260 memory, requiring reinitialization of
RAM 260 before another session may be performed on the computer system;
and

5) Physical destruction of computer system memory.

Other security levels are possible and those skilled in the art will
recognize that combinations of these levels of security are possible
without departing from the scope and spirit of the present invention.
INTERFACE BOARD CONTROL & COMMUNICATIONS 

Activities on the card reader interface board 109 are
coordinated in part by code "burned into" an internal ROM in processor 220
and in part by execution of an authorization verification program as detailed
below. This allows processor 220 to respond to commands issued by CPU
290 during the authorization verification program execution, yet maintain
security of sensitive data on card reader interface board 109 by acting as a
dedicated controller of sensitive DES encryption data and authorization data.
Processor 220 communicates with control ASIC 230 to control data steering
network 240 and ROM 280, and controls CE 270 using commands issued on
bus 222 to CE 270 via data steering network 240. Processor 220 is solely
responsible for communications with card reader 111, which enhances the
overall security of the present invention since sensitive data is not placed on
the system bus 292 where it is vulnerable to retrieval.

Control ASIC 230 is connected to ROM 280 and data steering
network 240 using bus 223 and is also connected to the monitor and freeze
control lines of CPU 290, which allows control ASIC 230 to "freeze" system
bus 292 upon demand if a prohibited access is detected over the monitor
lines. Control ASIC 230 sends a signal to processor 220's INT interrupt 221
when it freezes system bus 292 to inform processor 220 that the bus was
frozen, since processor 220 is not connected to system bus 292.

Control ASIC 230 contains a counter (not shown) which counts
the number of "sectors" retrieved from ROM 280 during boot and loading
functions (described below) to simulate a hard drive interface to CPU 290.
Processor 220 is notified by control ASIC 230 when the last byte of program
information is read from ROM 280 by CPU 290. Cipher Engine 270 routing
is controlled by signals from processor 220 to control ASIC 230, and may be
programmed to connect port A 274 to port C 278 to allow processor 220 to
communicate with system bus 292 (and CPU 290), or connect port A 274 to
port B 276 to allow CPU 290 to communicate with hard drive 113 once
security conditions have been satisfied, as detailed below.

FIGURE 4 is a block diagram of the fundamental components
of control ASIC 230. Control ASIC 230 includes a control register 950 with
bits assigned for the control of data steering network 240 and ROM 280 via
control port (CP) 910. These bits control whether bus 222 is connected to
RAM 260 or CE 270 via data steering network 240. Similarly, the control
bits assigned to the control of ROM 280 assist in the simulation of a C: drive
during the BIOS initialization which is detailed below. Control register 950 is
programmed by instructions from processor 220, and the status of the control
bits may be determined by reads from processor 220 of status register 960 via
processor port 980. INT port 900 is also connected to the control and status
registers, and indicates when the system bus 292 is "frozen" when a security
violation is detected as described above.

In one embodiment of the present invention, processor 220
programs registers (not shown) in bus address monitor 930 by transmitting
mask words to these registers via processor port 980. Each mask word
comprises a programmable template identifying authorized peripherals for the
particular user as defined by the card 115 when issued by the security
administrator during the authorization visit, described below in the
SECURITY ADMINISTRATOR AUTHORIZATION VISIT section. Control
ASIC 230 is connected to system bus 292 (as shown in FIGURE 3) via bus
port 920, and can therefore monitor the attempted accesses on system bus 292
and compare them with the templates stored in bus address monitor 930 using
combinational logic 940 to determine if an unauthorized peripheral access has
been attempted. If an unauthorized peripheral access is attempted, one
embodiment of the present invention will freeze the system bus 292; secure
computer system 100 remains unusable until a power cycle of computer 100
(to reset computer 100) is performed. Port 920 of control ASIC 230 is
connected to hard drive controller logic 710, as shown in FIGURE 3, in order
to control access to hard drive 113 in a manner known to those skilled in the
art.

Bus address monitor 930 monitors system bus 292 references to
peripheral devices such as serial and parallel ports, networks, and A or B
floppy disks. Bus address monitor 930 monitors normal BIOS references
during initialization, such as reset, warm, or power-up boot, and monitors to
detect attempted prohibited accesses to denied peripheral devices as defined
on card 115 during the authorization visit (see SECURITY
ADMINISTRATOR AUTHORIZATION VISIT section below).
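
The comparison performed by bus address monitor 930, with the freeze latched until a power cycle, can be sketched in C. This is an added example, not part of the original specification. The (mask, match) template encoding, the authorization bitmask and the monitored port ranges (the standard PC serial and parallel port addresses) are assumptions, since the text says only that mask words identify the authorized peripherals.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Assumed template encoding: an I/O address belongs to a peripheral
 * when (addr & mask) == match. */
typedef struct {
    uint16_t mask;
    uint16_t match;
    const char *name;
} port_range;

/* Constructed table using the standard PC serial/parallel port ranges. */
static const port_range MONITORED[] = {
    { 0xFFF8, 0x03F8, "COM1" },   /* 0x3F8-0x3FF */
    { 0xFFF8, 0x02F8, "COM2" },   /* 0x2F8-0x2FF */
    { 0xFFF8, 0x0378, "LPT1" },   /* 0x378-0x37F */
};
#define N_MONITORED (sizeof MONITORED / sizeof MONITORED[0])

enum { AUTH_COM1 = 1u << 0, AUTH_COM2 = 1u << 1, AUTH_LPT1 = 1u << 2 };

typedef struct {
    uint8_t authorized;   /* bit i set: MONITORED[i] is permitted */
    bool frozen;          /* latched until a power cycle */
    uint16_t fault_addr;  /* access that caused the freeze */
} bus_monitor;

/* Power cycle: clear the latch and fall back to "nothing authorized". */
void monitor_power_cycle(bus_monitor *m)
{
    m->authorized = 0;
    m->frozen = false;
    m->fault_addr = 0;
}

/* Called after card verification with the peripherals granted on the card. */
bool monitor_load_mask(bus_monitor *m, uint8_t authorized)
{
    if (m->frozen)
        return false;             /* a frozen board accepts no new policy */
    m->authorized = authorized;
    return true;
}

/* Returns true when the bus cycle may complete. */
bool monitor_access(bus_monitor *m, uint16_t addr)
{
    if (m->frozen)
        return false;             /* nothing passes a frozen bus */
    for (size_t i = 0; i < N_MONITORED; i++) {
        bool hit = (addr & MONITORED[i].mask) == MONITORED[i].match;
        if (hit && !((m->authorized >> i) & 1u)) {
            m->frozen = true;     /* fail closed and latch */
            m->fault_addr = addr;
            return false;
        }
    }
    return true;                  /* unmonitored or authorized address */
}

/* Replays a trace; returns the index of the first refused access or -1. */
int monitor_replay(bus_monitor *m, const uint16_t *trace, size_t n)
{
    for (size_t i = 0; i < n; i++)
        if (!monitor_access(m, trace[i]))
            return (int)i;
    return -1;
}

/* Constructed trace: LPT1 data, keyboard controller, LPT1 control,
 * COM1 line status, LPT1 data again. */
static const uint16_t SAMPLE_TRACE[] = { 0x0378, 0x0060, 0x037A, 0x03FD, 0x0378 };

int main(void)
{
    bus_monitor m;
    monitor_power_cycle(&m);
    monitor_load_mask(&m, AUTH_LPT1);   /* card grants the printer port only */
    int at = monitor_replay(&m, SAMPLE_TRACE, 5);
    printf("frozen at access %d (port 0x%03X)\n", at, (unsigned)m.fault_addr);
    printf("later LPT1 access passes: %d\n", monitor_access(&m, 0x0378));
    return 0;
}
```

After the COM1 access trips the latch, even the previously authorized LPT1 port is refused, which is the "unusable until a power cycle" behaviour described above.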
DATA STEERING NETWORK 

Data steering network 240 is shown in a simplified block
diagram in FIGURE 5. Data steering network 240 essentially acts as a
bidirectional, eight bit parallel, steerable data channel. Control ASIC 230 can
control whether the eight bit bus 222 from processor 220 is connected to
RAM 260 or CE 270 by decoding the address on bus 222 and selecting input
20 of the data steering network 240. Control ASIC 230 can also disable the
data steering network 240 by toggling enable input 30 of data steering
network 240. This operation also ensures that CE 270 is never directly
connected to RAM 260 via data steering network 240, adding to the
protection of data stored in RAM 260.

TYPES OF CARDS AND THEIR FUNCTION

There are essentially three types of cards: maintenance, issuer,
and user cards. The maintenance card allows the user to access the system
only for diagnostic purposes, but no sensitive data is accessible using the
maintenance card. An issuer card is the topmost card of the security
hierarchy. It enables the issuing program to configure a plurality of
subordinate user cards. In one embodiment, user cards can create subordinate
user cards and allow the user to access peripherals per privileges granted by
the issuer during card configuration. The user cards enable users to access the
secure information on computer 100.

One embodiment of the security hierarchy is shown in FIGURE
8. Box 500 represents an issuer card called the issuing office card. Box 501
is also an issuer card called the security administrator's card. The issuing
office card 500 is used to create the security administrator's card 501, which
in turn creates subordinate user cards represented as the remaining boxes in
FIGURE 8. In this embodiment, the issuing office card 500 may not access
data in computer system 100; its purpose is to create subordinate user cards,
such as cards 510, 530 and 540.

SECURITY ADMINISTRATOR AUTHORIZATION VISIT

The next section of the specification of the present invention
requires a discussion of the information stored on the user card 115 prior to
the first use of the card 115 by a user. A special card issue program is run on
a computer system 100, as shown in FIGURE 1D, which programs the user
card 115 pursuant to ISO 7816 specifications. This programming is typically
done by a security administrator who is responsible for determining the scope
of authorization of the particular user. Such a session is called an
authorization visit.

The card issue program used to conduct an authorization visit
will store in separate registers located on card 115: expiration date of the
card; the code associated with the issuing office; the peripherals which this
particular user may access with this card; a code identifying the card as a
maintenance card, issue card, or user card; the level of authorization of the
user of the card (see the ACCESS HIERARCHY discussion of FIGURE 8,
below); a series of questions used to identify the user, and their associated
answers.

A "first use" register is also dedicated to indicating whether the
card has been used before to allow the system to identify first use. First use
presents an opportunity to configure computer system 100 by storing in RAM
260 sensitive data pertaining to the specific user. In the event the information
on RAM 260 is erased, the first use register indicates that the card 115 was
used at least once and the user will be required to report to the security
administrator to have the card reissued before secure computer system 100
will accept it.

A retry counter register is also programmed during the
authorization visit which contains a value specifying the number of errors a
potential user can make in answering the user identification questions before
the system terminates the verification process. In addition, certain information
is stored in the card automatically under ISO 7816 specification, such as the
type of card which is being used (for example, MICRO CARD® or
GEMPLUS® cards) and the amount of memory available on the particular
card. One skilled in the art would readily recognize that the information
stored on the card may be stored in other configurations without materially
modifying the scope and spirit of the present invention. For example, the
number of questions may be varied without materially changing the invention.

QUESTIONS AND ANSWERS USED FOR IDENTIFICATION VERIFICATION

A series of questions are posed in a consistent format, and the
answers are recorded to identify a particular user. For example, one question
the user might be asked is: "What is your favorite color?" The user should
respond with a text string entry which matches the prerecorded answer.
Therefore if the user responds: "Blue", but the answer was prerecorded as
"B@L$U*E!", the response will be incorrect and, depending on the value set
in the retry counter, the user may be denied access or allowed to answer
another question. One embodiment of the present invention uses fifteen
questions to identify the user. Such an approach reduces the chance an
unauthorized user can acquire the correct responses through surreptitious
means. It should be obvious that any subcombination of the fifteen questions
may be used for identification purposes. In one embodiment of the present
invention, a random number generator decides the number of questions to ask
(minimum three), and the particular questions selected. However, it is clear
that the number of questions and their selection process may be altered
without materially altering the scope of the present invention.

INITIALIZATION OF THE SECURE COMPUTER SYSTEM

FIGURE 7 shows a flow diagram detailing the procedure by
which the present invention acquires control of the computer for user
identification and verification purposes upon an initialization such as power
up, clear, or warm boot reset. Those skilled in the art will readily appreciate
that minor modifications to the order or exact implementation of the following
steps will not materially modify either the scope or spirit of the present
invention. Upon initialization, at step 704 the standard computer BIOS will
query the computer system to determine the present configuration of the
system. Processor 220 is programmed to monitor and save BIOS routine calls
made by the secure computer system's BIOS during step 704. Control ASIC
230 assists processor 220 in monitoring and memorizing the BIOS routine
calls. The memorized calls are then used as a template for comparison
purposes to ensure that subsequent reboot of the computer system with the
standard operating system conforms with the initial pattern. Such a check
verifies that the system BIOS is, indeed, in control of the subsequent reboot
process. This prevents loading of another system BIOS to bypass the security
system in order to access sensitive data.

As detailed above, the hardware present on card reader
interface board 109 is designed to simulate the presence of a hard drive. At
initialization, CPU 290 executes the standard BIOS routine of loading the first
"one and/or two sectors" from the C: drive. Card reader interface board 109
intercepts the read issued by CPU 290 and directs it to ROM 280. As is
illustrated in FIGURE 6, ROM 280 contains loader program code 610.
Therefore the first one or two sectors of the "C: drive" are read from ROM
280. (Whether one or two sectors are loaded depends on the type of CPU
290, speed of CPU 290, and type of BIOS used by the computer system.)
Loader program code 610 is then executed by CPU 290 to retrieve, at 709, the
remaining "sectors" of ROM 280. Those sectors contain a verification
program (620 of FIGURE 6) used to verify the authorization of the user to
access the system. Control ASIC 230 monitors the loading process, informing
processor 220 at step 712 when the last byte of code is loaded into CPU 290
so that processor 220 is aware that the verification program is about to
execute on CPU 290. Processor 220 then generates, at step 713, unsolicited
card status from card reader 111. Meanwhile, at 714, CPU 290 executes
verification program 620. When unsolicited card status has been retrieved,
processor 220 instructs control ASIC 230 to connect processor 220 to system
bus 292 via data steering network 240, CE 270, and hard drive controller
logic 710 (step 721). Processor 220 then transmits the status of card reader
111 to CPU 290; however, the verification program will loop until unsolicited
card status is received from processor 220 (step 722).

USER AUTHORIZATION VERIFICATION PROCEDURE

At this point, the processor 220 is actually controlling system
bus 292 using handshaking lines, yet processor 220 is responding to requests
made by CPU 290 throughout the execution of the verification program. CPU
290 receives an interrupt indicating that a card was inserted, and whether a
conductive card is present (steps 724 and 728). If no card is present, then a
message to "insert card" is flashed to the operator on display 105 (step 726).
If the card 115 is conductive, then the system bus 292 is frozen and the
verification process is terminated (step 736). If the card 115 is
nonconductive, then power is applied to the card reader 111 (step 729). Upon
power-up, the card 115 issues an unsolicited reset message which is transferred
to the CPU 290 by processor 220 (step 732). Processor 220 resets card reader
111 by holding the RST signal (224 of FIGURE 3) low (active) for a
specified time as defined by ISO 7816-3, and then raises the signal to indicate
end of reset to card 115. Card 115 issues a reset message to processor 220
via card reader 111 which identifies whether the type of card being used is
MICRO CARD® or GEMPLUS® (per ISO 7816, MICRO CARD® and
GEMPLUS® Technical Manuals) (step 734). If the card 115 is not an
acceptable card, then processor 220 freezes the system bus 292 and terminates
the authorization process (step 736). If the card is accepted as potentially
valid then the verification program determines if the card was issued by the
correct issuing office (step 742). The expiration date is also retrieved from
the card by processor 220, but must be sent to CPU 290 because processor
220 does not have a clock/calendar to compare the expiration date (step 744).
If either of the tests in steps 742 or 744 fail, then system bus 292 is frozen by
processor 220 and the verification process is stopped (step 736). If the card
115 meets the previous tests, then CPU 290 instructs processor 220 to read
several questions and their associated correct responses from the card 115 and
load them into RAM 260 (step 746). In one embodiment of the present
invention, the answers are stored in the secure area of RAM 260 and the
questions, which are nonsensitive, are stored in the open area of RAM 260.
The user is then queried for responses to questions read from card 115 and
must answer the questions correctly to gain access to the computer. The first
question is displayed to the user (step 748), an operator response is received
by CPU 290, formatted, sent to processor 220, and compared by processor
220 with the answers stored in the secure space of RAM 260 (steps 752 and
754). A retry counter located in processor 220 is incremented each time an
error is made in answering the questions, and is preprogrammed by the
security administrator to terminate the verification program if the number of
erroneous responses exceeds the preprogrammed value (steps 758 and 736).
This protection is installed to prevent an unauthorized user of a card from
repeated guesses of the correct answers to the posed questions.

After the last question is asked (step 762) the DES encryption
key is calculated (step 764). In one embodiment of the present invention, the
key is calculated using user unique binary information stored on the card 115
and in the RAM 260. This allows the program to calculate unique keys even
if the key generation equation is identical from user to user, since the inputs
identifying each user will be dependent on the answers given by the user, and
therefore, the calculated key will be unique. Another embodiment of the
present invention will have the verification program prompt the user with an
additional question to assist in the key randomization process. Alternate
embodiments of the present invention could insert such a question at any
point in the verification program prior to the key generation step. In one
embodiment of the present invention, the key generation algorithm is given by
the pseudocode shown in TABLE 1:

TABLE 1

BEGIN:
    read the binary data from card 115 associated
        with the prerecorded questions and answers;
    reduce the binary value by powers of nine;
    store the carries generated in a register to form
        a random number;
    exclusive or the random number generated in the
        previous step with data stored in RAM 260 of secure
        computer system 100 to generate 16 strings of 64 bits,
        which will serve as potential keys for encryption;
    load the sixteen keys into CE 270;
    generate a random number between 1 and 15;
    select one of the sixteen keys using the random
        number;
    use that key for encryption purposes;
END.

However, it will be clear to those skilled in the art that other formulas may be
used without materially modifying the spirit and scope of the present
invention.

After the key is generated, it will be loaded, along with an
encryption table, into the CE 270 (step 772), so that the CE 270 will be ready
for encryption if the test of the loading is passed (step 774). If the table is
not loaded correctly, then the verification program will terminate (step 736).
If the table is loaded correctly, the processor 220 reviews the entire history of
the verification sequence (776) to ensure that all of the required tests have
passed (778) before connecting the system bus 292 to CE 270 (782). If, at
778, all required tests have not passed correctly, the verification program is
terminated at step 736. Otherwise, the CPU 290 will then boot from hard
drive 113 in order to execute the disk operating system for secure computer
100 (step 784). Processor 220 monitors this reboot process using control
ASIC 230 to monitor the BIOS routine calls to ensure that the native system
BIOS is properly rebooting the computer from hard drive 113 (step 78 If
any unauthorized accesses are attempted, system bus 292 is frozen and the
verification program terminates (steps 792 and 736). Unauthorized accesses
include: unauthorized access of peripheral (monitored by bus address monitor
930 on control ASIC 230), and attempts to boot from the A instead of C:
drive (monitored by processor 220), (step 788). If no unauthorized accesses
are detected, the program will allow the user to use disk drive 113 until the
session is terminated by the user via removal of card 115 or system reset (step
794). Once the user is done, system bus 292 will be frozen and the computer
100 must be power cycled (to reset computer 100) before another session can
take place (step 736).
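
The fail-closed shape of this procedure (every failed test freezes the bus, wrong answers are counted against the retry limit, and the whole history is reviewed before the bus is connected to CE 270) is shown below in C. This is an added example, not part of the original specification. The type and function names, the sample questions and responses, and the rule that a wrong answer repeats the same question are assumptions.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

typedef enum { CHK_CARD_TYPE, CHK_ISSUER, CHK_EXPIRY, CHK_ANSWERS,
               CHK_KEY_TABLE, CHK_COUNT } check_id;

typedef struct {
    unsigned passed;       /* history: one bit per test that succeeded */
    unsigned errors;       /* wrong answers so far */
    unsigned retry_limit;  /* from the card's retry counter register */
    bool frozen;           /* latched, models the frozen bus (step 736) */
    bool ce_connected;     /* system bus connected to CE 270 (step 782) */
} verifier;

typedef struct { const char *question; const char *answer; } qa_pair;

void verifier_start(verifier *v, unsigned retry_limit)
{
    memset(v, 0, sizeof *v);
    v->retry_limit = retry_limit;
}

/* Record one test result; a failed test freezes the bus for good. */
bool verifier_record(verifier *v, check_id id, bool ok)
{
    if (v->frozen)
        return false;
    if (!ok) {
        v->frozen = true;
        return false;
    }
    v->passed |= 1u << id;
    return true;
}

/* responses[] is the operator input in arrival order. Assumption: a wrong
 * answer repeats the same question until the retry limit is exceeded. */
bool verifier_questions(verifier *v, const qa_pair *qa, size_t n_q,
                        const char *const *responses, size_t n_resp)
{
    size_t q = 0;
    for (size_t r = 0; r < n_resp && q < n_q && !v->frozen; r++) {
        if (strcmp(responses[r], qa[q].answer) == 0)
            q++;                              /* exact string match only */
        else if (++v->errors > v->retry_limit)
            v->frozen = true;                 /* steps 758 and 736 */
    }
    if (v->frozen || q < n_q)
        return false;
    return verifier_record(v, CHK_ANSWERS, true);
}

/* Steps 776-782: connect the bus only if the whole history is clean. */
bool verifier_unlock(verifier *v)
{
    const unsigned all = (1u << CHK_COUNT) - 1u;
    if (v->frozen || v->passed != all) {
        v->frozen = true;
        return false;
    }
    v->ce_connected = true;
    return true;
}

/* Constructed sample card contents and operator inputs. */
static const qa_pair SAMPLE_QA[] = {
    { "What is your favorite color?", "B@L$U*E!" },
    { "What is your favorite sport?", "golf" },
};
static const char *const RESP_OK[]    = { "B@L$U*E!", "golf" };
static const char *const RESP_SLIP[]  = { "Blue", "B@L$U*E!", "golf" };
static const char *const RESP_GUESS[] = { "Blue", "Red", "B@L$U*E!", "golf" };

/* One whole session; skip_expiry models a run that never did step 744. */
bool run_session(const char *const *resp, size_t n, unsigned retry_limit,
                 bool skip_expiry)
{
    verifier v;
    verifier_start(&v, retry_limit);
    verifier_record(&v, CHK_CARD_TYPE, true);
    verifier_record(&v, CHK_ISSUER, true);
    if (!skip_expiry)
        verifier_record(&v, CHK_EXPIRY, true);
    verifier_questions(&v, SAMPLE_QA, 2, resp, n);
    verifier_record(&v, CHK_KEY_TABLE, true);
    return verifier_unlock(&v);
}

int main(void)
{
    printf("correct answers:       %d\n", run_session(RESP_OK, 2, 1, false));
    printf("one slip, limit 1:     %d\n", run_session(RESP_SLIP, 3, 1, false));
    printf("two guesses, limit 1:  %d\n", run_session(RESP_GUESS, 4, 1, false));
    printf("expiry test never run: %d\n", run_session(RESP_OK, 2, 1, true));
    return 0;
}
```

The last case shows why the history review matters: correct answers alone do not unlock the drive when an earlier test was never recorded as passed.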
ACCESS HIERARCHY

FIGURE 8 shows one embodiment of a hierarchy of secured
access codes among a multiuser organization. The present invention teaches a
hierarchy coding method used to generate families of access codes which
permit horizontal and vertical segregation of access codes within an access
hierarchy. As shown in FIGURE 8, the access code is designed to allow a
superior of a subordinate user access to the computer of the subordinate, but
only if the superior has access in the same vertical portion of the user
hierarchy. For example, referring to FIGURE 8, user 520 cannot access the
information on user 510's computer (520 is subordinate to 510), but can
access the information on the computers of users 522. However, user 520 has
no access authority over user 550 (no horizontal access privilege), nor does
user 520 have access authority over users 552 (lacking vertical commonality).
A benefit of such organizations of key information is that access may be
limited in an organized and restricted hierarchy. For example, if somehow
security is compromised in the middle branch of FIGURE 8, then the left and
right branches are not compromised.

A vast array of users may therefore be accommodated easily
within the hierarchy shown in FIGURE 8 by dedicating access code words to
each level. In one such embodiment, sixty-four (64) bits are allocated to the
access code word describing 510 level, allowing 2^64 unique codes at 510 level;
sixty-four (64) bits are allocated to the access code word describing level 520,
allowing 2^64 unique codes at the 520 level; and sixty-four (64) bits are
allocated to the access code word describing level 522, allowing 2^64 unique
codes at the 522 level. These bits may be stored on card 115 in dedicated
registers and assigned by the security administrator during the authorization
visit.
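
One way to read the per-level code words is as a path from the top of a branch down to the card holder, so that a superior may open a subordinate's computer only when the superior's words are a prefix of the subordinate's. The C below is an added example of that reading, not part of the original specification. The code word values are constructed, zero is assumed to mean "unassigned", and placing users 550 and 552 under card 540 is an assumption about FIGURE 8.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define LEVELS 3  /* the 510, 520 and 522 levels named in the text */

typedef struct {
    uint64_t word[LEVELS];  /* one 64-bit access code word per level */
    size_t depth;           /* how many levels this card's code spans */
} access_code;

/* Top-level code (510 level). Zero is reserved as "unassigned". */
bool issue_root(access_code *out, uint64_t w)
{
    if (w == 0)
        return false;
    *out = (access_code){ .word = { w }, .depth = 1 };
    return true;
}

/* Subordinate code: the parent's words plus one new word. */
bool issue_subordinate(const access_code *parent, uint64_t w, access_code *out)
{
    if (w == 0 || parent->depth == 0 || parent->depth >= LEVELS)
        return false;
    *out = *parent;
    out->word[out->depth++] = w;
    return true;
}

/* Vertical rule: holder may open target's computer only if holder's whole
 * path is a prefix of target's (same branch, same or higher level). */
bool may_access(const access_code *holder, const access_code *target)
{
    if (holder->depth == 0 || holder->depth > target->depth ||
        target->depth > LEVELS)
        return false;
    uint64_t diff = 0;
    for (size_t i = 0; i < holder->depth; i++)
        diff |= holder->word[i] ^ target->word[i];
    return diff == 0;
}

/* How many computers one (possibly compromised) code can open. */
size_t reachable(const access_code *holder, const access_code *all, size_t n)
{
    size_t hits = 0;
    for (size_t i = 0; i < n; i++)
        hits += may_access(holder, &all[i]);
    return hits;
}

enum { U510, U520, U522A, U522B, U530, U540, U550, U552, N_USERS };

/* Constructed sample tree, built once on first use. */
const access_code *sample_tree(void)
{
    static access_code t[N_USERS];
    static bool built;
    if (!built) {
        issue_root(&t[U510], 0x1111111111111111ULL);
        issue_root(&t[U530], 0x3333333333333333ULL);
        issue_root(&t[U540], 0x4444444444444444ULL);
        issue_subordinate(&t[U510], 0x2020202020202020ULL, &t[U520]);
        issue_subordinate(&t[U520], 0x00000000000022A0ULL, &t[U522A]);
        issue_subordinate(&t[U520], 0x00000000000022B0ULL, &t[U522B]);
        issue_subordinate(&t[U540], 0x5050505050505050ULL, &t[U550]);
        issue_subordinate(&t[U550], 0x0000000000005520ULL, &t[U552]);
        built = true;
    }
    return t;
}

int main(void)
{
    const access_code *t = sample_tree();
    printf("520 -> 522: %d\n", may_access(&t[U520], &t[U522A]));
    printf("520 -> 510: %d\n", may_access(&t[U520], &t[U510]));
    printf("520 -> 550: %d\n", may_access(&t[U520], &t[U550]));
    printf("520 -> 552: %d\n", may_access(&t[U520], &t[U552]));
    printf("computers exposed if 540's code leaks: %zu of %d\n",
           reachable(&t[U540], t, N_USERS), (int)N_USERS);
    return 0;
}
```

The `reachable` count makes the branch isolation concrete: a leaked code exposes only the computers below it in its own branch.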

The horizontal separation of users may be easily attained by
including an extra question in the list of queries posed and answered during
the verification program execution. An answer could be predetermined which
would be common among all users in a common vertical group, and which
would segregate them from other users in other vertical groups. For example,
each individual vertical group would be identified by a unique, predetermined
response to the same question. The response could be mapped to a binary
number, which could serve as a consistent offset for purposes of generating
the access code. For example, if a question asked for a favorite sport, the
response "golf" could be used by all members of a particular vertical group to
identify their group.

In one embodiment of the present invention, fifteen (15)
questions are used to identify the user; an extra question is used to identify
the particular vertical branch of the access tree in which the user resides.
These questions are employed to select the DES encryption keys available to
the user. In this way, the DES encryption key questions serve as a further
randomization of the access code which is user dependent.

Essentially, access information is distributed between the user
(in the preprogrammed responses generated by that user), the card 115
(programmed when the individual is given access authority), and RAM 260
stored on card reader controller board 109. Therefore, in one embodiment of
the invention, the access code is a combination of the user, the card, and the
computer which the user uses. This provides for a level of security for
the entire system, and requires that the user be re-authorized by the security
administrator every time the user's access privileges are lost due to incorrect
or improper attempted access. In this way, security administrators can control
the access attempts by the users since they are informed each time a potential
security breach is encountered; users must be re-authorized if the
identification information in RAM 260 is destroyed by attempted unauthorized
access.

DESTRUCTION OF DATA 

Logical destruction of the data resident on the various memory
storage devices found on the computer system may be preprogrammed to
occur after a fixed number of failed attempted accesses (see FIGURE 7
discussion of retry counter, step 758). In one embodiment, board 109 goes
further and freezes the system bus 292 to prevent unauthorized retrieval of
sensitive information following detection of a potential security breach. The
data stored in hard drive 113 is logically destroyed when the DES encryption
key is erased since the key cannot be reconstructed by the intruder.
Therefore, if the key information in RAM 260 is destroyed, it is equivalent to
rendering the data stored in hard drive 113 logically destroyed, since without
the encryption key it is undecipherable. In one embodiment of the present
invention, the DES key kernel information stored on RAM 260 is destroyed
by clearing RAM 260 using an algorithm executed by processor 220 upon
detection of attempted unauthorized access, or by grounding the power pin of
RAM 260 using transistor circuit 210 as described in the section LOGICAL &
PHYSICAL DESTRUCT HARDWARE, above. A further hurdle requires that
any user whose card 115 is invalidated by unauthorized access visit the
security administrator to get their card reinstated. Physical destruction of the
data storage media is also possible by asserting physical destruct signal 212
generated by control ASIC 230 under control of processor 220 in the event of
a breach, triggering destruct package 213 designed to physically destroy the
hard drive 113 and RAM 260.

Alternate embodiments of the destruction means of the present
invention are also possible. In one embodiment, the selection of destruction
means and the process by which the destruction methods are invoked are
programmed by altering the code in the internal ROM of processor 220 or by
varying the value of retries allowable on the register of card 115. Therefore,
one embodiment of the present invention is not limiting and does not
materially limit the scope of the present invention.

FIGURE 9 illustrates one embodiment of the present invention
showing a card reader receptacle 820 mounted with a hard drive 810 to
facilitate physical mounting of the card reader and a resident hard drive. For
example, a hard drive 113 can be co-located with a card reader 111 to form a
single unit comprising a secured disk drive as shown in FIGURE 9. This
mounting scheme illustrates only one of several possible embodiments of the
mechanical mounting of the card reader receptacle 820 in the present
invention. Other embodiments illustrating the mechanical mounting of card
reader receptacle 820 are possible without materially modifying the scope of
the present invention.

Those skilled in the art will readily see that the present
invention offers several benefits over other devices including but not limited
to the ability of one embodiment to provide three levels of computer security.
For instance, one embodiment of the present invention provides security in
three distinct ways:

(1) immediately asserting control of the computer system upon
initialization in the form of preboot protection, since the card reader interface
board simulates the C: drive loader code before an intruder can interrupt the
system and thereby immediately takes control of the CPU;

(2) after preboot control is acquired a user verification program is
executed to ensure that the user is authorized to access the computer; and

(3) ongoing monitoring of computer activity as the computer system is
in use, to detect attempted unauthorized accesses using a bus address monitor
and destroy sensitive program and encryption key information before an
intruder can break into the system.

Those skilled in the art will readily appreciate that the scope of
the present invention is not restricted to securing personal computers, but may
be extended to securing other types of computer systems (larger or smaller) or
specific peripherals of both small and large computer systems. Additionally,
the present invention may be employed to secure the digital data stored on
any system which stores sensitive digital information.

The present invention discloses the use of the card reader
interface board 109 in conjunction with hard drive 113. It should be apparent,
however, that the same type of security could be applied advantageously to
control the contents of other nonvolatile memory such as a compact disc (CD)
ROM system, Personal Computer Memory Card International Association card
(PCMCIA card), or streaming tape backup unit. Indeed, the present invention
can be applied advantageously to control access to any peripheral which could
be connected to a computer system. For instance, the present invention could
be applied to secure subsections of mass storage devices, such as partitioned
hard drives or PBX switches. Alternate encryption methods, larger or smaller
data and address buses, alternate integrated circuit cards and readers, and
modifications to the control algorithms employed in the present invention may
also be used without materially altering the scope and spirit of the present
invention.

It is to be understood, however, that even though numerous
characteristics and advantages of the invention have been set forth in the
foregoing description, together with details of the structure and function of the
invention, the disclosure is illustrative only, and changes may be made in
detail, especially matters of shape, size, and arrangement of parts within the
principles of the invention, to the full extent indicated by the broad general
meaning of the terms in which the appended claims are expressed.

What is claimed is:

1. A method of operating a computer, comprising the steps of:
   a) prior to boot, acquiring control of the CPU;
   b) loading a verification program;
   c) verifying that the user is authorized using the verification program;
   d) prohibiting access to the computer if the user is not authorized;
   and
   e) providing access to the computer if the user is authorized,
   comprising the steps of
      1) monitoring bus accesses to detect if a user is attempting to
      read or write to an unauthorized peripheral; and
      2) destroying memory contents if unauthorized attempts at
      access are detected.

2. A method of protecting information stored in nonvolatile memory of a
computer system having a system bus, comprising the steps of:
   a) providing a plurality of sources of identification information for
   identifying an authorized user;
   b) restricting access to the computer system by the steps of
      1) performing preboot control of the computer;
      2) loading a verification program;
      3) reading identification information from the plurality of
      sources;
      4) comparing the identification information read from the
      plurality of sources to verify the authorization of the user;
   c) if the user is an authorized user, providing access to the computer
   by the steps of
      1) allowing access to the computer system;
      2) constructing an encryption key from the plurality of
      sources; and
      3) encrypting the information stored in the nonvolatile
      memory using the constructed encryption key; and
   d) if the user is not authorized, freezing the system bus such that
   another attempt to access the computer system requires a powerdown
   to reset the computer system.

3. The method according to claim 2, wherein the step of providing a plurality of sources includes the step of providing identification information from an integrated circuit card, identification information input from a user, and identification information resident in the computer system.

4. A method of protecting information stored in nonvolatile memory of a computer system, the computer system having a central processing unit (CPU), the method comprising the steps of:

a) providing a computer system with an interface board with a resident verification program and a loader program for loading the verification program;

b) restricting access to the nonvolatile memory, wherein restricting access includes the steps of:

1) controlling the computer system central processing unit (CPU) during initialization and prior to booting the computer, wherein the step of controlling comprises the steps of:

a. monitoring and storing BIOS calls made by the CPU during the loading of the verification program;

b. initiating an initialization of the computer system;

c. simulating a boot disk such that the CPU loads the loader program;

d. executing the loader program;

e. loading the verification program; and

f. executing the verification program, wherein said program verifies the identity of the user; and

2) if the user is verified as an authorized user, allowing access by the steps of:

a. providing access to the nonvolatile memory;

b. booting the computer system from the nonvolatile memory;

c. monitoring and storing BIOS calls made by the CPU during the booting step; and

d. detecting logical accesses which could compromise the security of information stored in the nonvolatile memory, wherein the step of detecting logical accesses includes the steps of:

1. comparing BIOS calls stored during the loading step with BIOS calls generated during the booting step; and

2. if BIOS calls do not match, freezing the system bus, requiring a power cycle of the computer system to reset the computer system.

5. The method of claim 4, wherein the method further comprises the steps of:

constructing a unique encryption key obtained from a plurality of sources; and

encrypting information stored to the nonvolatile memory using the encryption key;

and wherein the step 4.2.d2 of freezing the system bus comprises the step of logically destroying the data stored in the nonvolatile memory by destroying the encryption key.



6. The method of claim 4, wherein the step 4.2.d2 of freezing the system bus comprises the step of physically destroying the nonvolatile memory, thereby destroying the data stored in the nonvolatile memory.



WO 95/24696 PCT/US95/02579

7. The method of claim 4 wherein the step of detecting unauthorized logical accesses comprises detecting unauthorized peripheral accesses.

8. A secure computer system for controlling a user's access to confidential information stored in nonvolatile memory, the system comprising:

a) a system bus;

b) a central processing unit (CPU);

c) an identification card, containing identification information for identifying authorized users of the computer system;

d) a card reader for reading identification information from the identification card; and

e) a card reader interface, connected to the system bus, wherein the interface operates to assume control of the CPU upon initialization of the computer system, the interface comprising:

1) a dedicated data bus for communications with the nonvolatile memory;

2) a dedicated data bus for communications with the card reader;

3) a verification program to be executed by the CPU for limiting access to the nonvolatile memory to only authorized users;

4) a memory storage device for storing user-specific information;

5) an encryption system which encrypts the data stored to the nonvolatile memory using an encryption key constructed from data on the identification card, data in the memory storage device, and inputs from the user;

6) an input/output bus address monitor circuit for detecting attempts to bypass the verification program; and

7) a memory erasing circuit for destroying encryption key information stored in the memory storage device if an unauthorized access is detected by the interface.




9. A method for protecting information stored in nonvolatile memory of a computer, the method comprising the steps of:

a) providing means for interfacing an information bearing card to the computer;

b) storing individualized questions and answers which uniquely identify a user on the information bearing card;

c) reading identification information and card information from the information bearing card;

d) executing a verification routine upon initialization in order to determine whether the user is authorized to gain access to the protected information stored in the nonvolatile memory, wherein the verification routine comprises asking the user the individualized questions and comparing answers received against the stored answers; and

e) if the user correctly answers the questions, permitting access to portions of the protected information stored in the nonvolatile memory.

10. The method according to claim 9, further comprising the step of: if the user does not correctly answer the questions, freezing the computer and requiring that the computer power be cycled to reset the computer.

11. The method according to claim 9 further comprising the step of programming the information bearing card with individualized access privilege information to identify which nonvolatile memory devices the user is privileged to access.

12. The method according to claim 9, wherein the step of permitting access comprises the steps of:

a) verifying that the user is privileged to access the information stored in a first storage device; and

b) if the user is privileged to access the information stored in the first storage device, permitting access to the protected information stored on the first storage device.
13. The method according to claim 11 further comprising the step of: if the user attempts to access information from an unprivileged storage device, freezing the computer and forcing the user to reset the computer system and begin authorization verification again.

14. The method according to claim 9, wherein the step of reading further comprises the step of: incrementing a retry counter if the user incorrectly answers a question, and waiting for a subsequent user response if the retry counter has not reached a predetermined value, otherwise terminating the authorization procedure.



15. The method according to claim 9, wherein the step of reading further comprises the steps of:

a) reading a card identification code from the card indicating card type;

b) determining a card type from the card identification code; and

c) if the card is a maintenance card, allowing a user access to the computer for maintenance purposes, without allowing access to the nonvolatile memory of the computer.

16. A secure computer providing for the controlled access of internal devices via a card reader, the computer comprising:

a user input device;

a card reader;

a screen display;

a central processing unit (CPU);

a device containing non-volatile CPU program code;

a CPU system boot ROM;

a plurality of peripheral devices;

a system data bus;

a microprocessor for writing and reading information to and from a card placed in the card reader, the microprocessor and the CPU connected through a dedicated data bus;

an encryption engine;

a volatile memory device for storing data retrieved from the card by the microprocessor;

said CPU system boot ROM including code for instructing the CPU to start executing the CPU program code in the device so that the CPU program code in the device takes over control of the CPU, so that upon a power-up, clear, or warm-boot reset of the computer the CPU program code in the device obtains control of the CPU; and

said CPU responsive to said CPU program code, to perform an authorization verification procedure comprising the steps of:

a) instructing the microprocessor to read a card placed in the card reader by a user and obtain at least one question from a list of questions stored in the card;

b) displaying the question to the user on the screen display, and waiting for a response from the user on the input device;

c) passing the response to the microprocessor and the microprocessor comparing at least one user response to a list of correct answers stored on the card;

d) receiving the results of the comparison by the microprocessor and allowing access to the computer if at least one user response matches a corresponding correct answer;

e) generating an encryption key from data on the card, data stored in the volatile memory device, and responses received by the user; and

f) encrypting all data stored to the plurality of peripherals using the encryption key.
17. The computer of claim 16 further comprising:

a security circuit for monitoring attempted unauthorized accesses of the computer; and

a logical destruct circuit, connected to the security circuit, for destroying data in the volatile memory device if unauthorized access is detected by at least one of the microprocessor and the security circuit;

and wherein the microprocessor performs the steps comprising:

monitoring and storing CPU BIOS routine calls during the authorization verification procedure;

monitoring and comparing the CPU BIOS routine calls during the rebooting process to detect control of the system data bus by another program; and

if the BIOS calls stored during the authorization verification procedure do not match the BIOS calls monitored during the rebooting process, then logically destroying the data in the volatile memory device; and

wherein the CPU performs the additional step of incrementing the value of a retry counter if the user incorrectly answers a question, and waiting for a subsequent user response if the value of the retry counter is less than a predetermined value, otherwise terminating the authorization procedure.

18. The computer of claim 17 wherein the computer further comprises one or more physical destruct mechanisms logically connected to the microprocessor for physically destroying data on at least one of the plurality of peripheral devices.

19. The computer of claim 17 further comprising a physical destruct output and physical destruct package, the output for triggering the physical destruction of the secure computer by computer control upon detected attempted unauthorized access.
20. The computer of claim 17 wherein the key information is generated from data stored on the card, in the volatile memory device, and from responses entered in by a user during the verification procedure.
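
The following Python model is an added example, not part of the patent text. It illustrates the mechanism recited in claims 4 and 5, with the key sources of claims 3 and 8: BIOS calls stored during verification are compared with those seen during boot, and a mismatch destroys the key and freezes the system. Assumptions: the PBKDF2-based key construction, all class and function names, and the sample BIOS call traces are illustrative; the claims specify none of them.

```python
import hashlib

class BusFrozen(Exception):
    """Models the frozen system bus: only a power cycle (a new guard) recovers."""

def frame(parts):
    # Length-prefix each part so source boundaries stay unambiguous.
    return b"".join(len(p).to_bytes(4, "big") + p for p in parts)

def construct_key(card_data, resident_data, answers):
    # Assumption: the claims do not say how the sources combine; PBKDF2 here.
    salt = frame([card_data, resident_data])
    return hashlib.pbkdf2_hmac("sha256", frame(answers), salt, 100_000)

class PrebootGuard:
    def __init__(self, resident_data):
        self._resident = resident_data
        self._key = None       # held only in volatile memory
        self._baseline = None  # BIOS calls stored while the verifier loads
        self.frozen = False

    def verification_done(self, bios_calls, card_data, answers):
        self._require_running()
        self._baseline = tuple(bios_calls)
        self._key = bytearray(construct_key(card_data, self._resident, answers))

    def boot_check(self, bios_calls):
        self._require_running()
        if self._baseline is None or tuple(bios_calls) != self._baseline:
            self._destroy_key()
            self.frozen = True
            raise BusFrozen("BIOS call mismatch: key destroyed, power cycle required")
        return True

    def has_key(self):
        return self._key is not None

    def _destroy_key(self):
        if self._key is not None:
            self._key[:] = bytes(len(self._key))  # overwrite before dropping it
            self._key = None

    def _require_running(self):
        if self.frozen:
            raise BusFrozen("system bus is frozen")

# Constructed sample traces of (interrupt, AH function) pairs.
CLEAN_TRACE = [(0x13, 0x02), (0x10, 0x0E), (0x16, 0x00)]
HOOKED_TRACE = [(0x13, 0x02), (0x13, 0x03), (0x10, 0x0E), (0x16, 0x00)]
```

Because the key exists only in volatile memory and is rebuilt from the card, the resident data and the user's answers, destroying it leaves the stored ciphertext unreadable, which is the logical destruction of claim 5.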